Foxconn confirms cyberattack after Wisconsin production outage

Editor’s note: This story has been updated with a May 12 statement from Foxconn confirming that some North American factories suffered a cyberattack. It also includes Foxconn’s earlier statement confirming a Wisconsin IT systems issue, details from a verified Mount Pleasant worker account and a May 11 leak-site claim by the Nitrogen ransomware group. Foxconn did not identify the affected factories or address Nitrogen’s data-theft claim.

Update, May 12: Foxconn confirmed that some of its factories in North America suffered a cyberattack and said affected factories are resuming normal production.

“Some of Foxconn’s factories in North America suffered a cyberattack,” the company said in a statement provided to DysruptionHub. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”

Foxconn did not identify which North American factories were affected, say whether its Mount Pleasant campus was among them, address the Nitrogen ransomware group’s May 11 data-theft claim or say whether data was stolen, systems were encrypted or a ransom demand was made.

The Nitrogen ransomware group listed Foxconn on its leak site Monday, May 11, days after Foxconn confirmed an IT systems issue affecting operations at its Wisconsin sites. The group claimed to possess 8 terabytes of Foxconn data, comprising more than 11 million files, and posted sample images it described as proof of leakage.

The post reflects the group’s claim, not independent confirmation from Foxconn. DysruptionHub could not independently verify whether the files were authentic, whether data was stolen or whether the claim is connected to the Mount Pleasant disruption.

Foxconn has not confirmed ransomware, data theft or a ransom demand. The company’s statement described the Wisconsin disruption as a technical issue affecting IT systems and said certain functions were being gradually restored.

A Nitrogen ransomware group leak-site post claimed the group possessed 8 terabytes of Foxconn data. Foxconn has not confirmed the claim or said whether it is connected to the Wisconsin IT systems issue affecting operations.

Electronics manufacturer Foxconn said IT systems at its Wisconsin sites experienced a technical issue affecting operations after workers reported a multi-day network outage that disrupted production at the company’s Mount Pleasant campus.

The disruption raises questions about a possible cybersecurity incident at Foxconn’s Mount Pleasant site, the center of its Wisconsin manufacturing operations. Recent state and company announcements have tied the site to AI servers, data infrastructure and a planned Racine County expansion.

“Recently, our IT systems in Wisconsin sites experienced a technical issue affecting operations,” Foxconn said in a statement provided to DysruptionHub. “We immediately activated our emergency response mechanism and implemented a series of contingency measures to ensure the continuity of production and delivery, as well as the protection of data.”

The company said certain IT system functions were being gradually restored, overall plant operations remained stable and employees whose work arrangements were affected would resume their duties and receive payment for time not worked.

Foxconn did not say what caused the technical issue, when it began, which systems were affected or whether it had ruled out a cybersecurity incident. The company also did not confirm ransomware, data theft or a ransom demand.

A redacted public Facebook post reviewed by DysruptionHub included an internal notice saying Foxconn operations would remain closed because of ongoing network issues. Foxconn later confirmed that IT systems at its Wisconsin sites experienced a technical issue affecting operations.

A Mount Pleasant Foxconn worker whose employment was verified by DysruptionHub said the disruption began for employees Friday morning. The worker, who requested anonymity because they were not authorized to speak publicly, said employees arrived around 7 a.m. and were told there was no Wi-Fi. By about 11 a.m., the worker said, a manager told employees to leave because the network was down.

The worker said timecard terminals were unavailable, employees filled out paper timesheets, computers were off and workers were told not to log in. The worker also said a security guard told employees to remove their phones from Wi-Fi if connected.

The worker said a lead told employees to describe the problem only as a network issue, though they were not given a fuller explanation of what caused the outage.

The worker said employees received an email Friday saying the site was shutting down with an anticipated return date of Monday, May 4. That return did not happen, the worker said, and updates later came through manager texts on a day-to-day basis.

Internal notices reviewed by DysruptionHub also cited ongoing “network issues” affecting operations. One notice said the company could not continue normal activities and that operations would remain closed for the rest of the day “to ensure the safety, efficiency, and integrity” of company processes.

A separate notice said there would be no first-shift production Tuesday, May 5, because of continued network issues. Public Facebook posts reviewed by DysruptionHub also included accounts from people who said the disruption had been ongoing since Friday and that the facility was closed Sunday.

The available indicators raise cybersecurity questions because the outage affected operations, production, timekeeping, workplace computers and secure system access, rather than a narrow public website or local connectivity issue. That assessment is based on operational symptoms, internal notices, worker accounts and Foxconn’s confirmation of an IT systems issue affecting operations, not confirmation of a cyberattack.

Chip in once If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.

Tip us

Support us monthly A small monthly pledge keeps independent coverage and our reader tools online for everyone.

Become a Supporter

The worker said employees had heard rumors of a data breach, but Foxconn has not confirmed a data breach and DysruptionHub could not independently confirm the claim. No public ransomware claim tied to the Wisconsin outage was found in open web searches reviewed by DysruptionHub.

Foxconn has previously dealt with ransomware at Mexican facilities. A 2020 DoppelPaymer attack affected a Foxconn-owned facility in Ciudad Juárez tied to its North America operations, and a 2022 ransomware incident disrupted production at its Foxconn Baja California factory in Tijuana. No ransomware claim or attack type has been confirmed in the Wisconsin outage.

As of publication, Foxconn had confirmed a Wisconsin IT systems issue affecting operations but had not publicly explained the cause, identified affected systems, said whether all production had resumed or said whether it had ruled out a cybersecurity incident.

Attribution note: DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.